DCP Portal is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting vulnerability to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. For the HTML injection vulnerability, attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
TankLogger is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Microsoft Visual Studio is prone to a vulnerability that could allow remote attackers to execute arbitrary code. This issue stems from a design flaw that executes code contained in a project file without first notifying users. Exploiting this issue allows attackers to execute arbitrary code in the context of the user viewing a malicious project file. Since viewing a project file is usually considered a safe operation, users may have a false sense of security when they attempt to inspect unknown code before compiling or executing it. This vulnerability may be exploited remotely because project files can originate from untrusted sources.
FogBugz is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
TrackPoint NX is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. An attacker may be able to exploit this issue to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Unsuccessful exploit attempts will most likely crash the application.
MyPhPim is prone to multiple input validation vulnerabilities due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials, and the exploitation of vulnerabilities in the underlying database implementation. An example exploit is provided in the form of a login and password combination.
Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command-line parameters in various utilities with setuid-superuser privileges. Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.
Orjinweb is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
WebWiz Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.